Windows 7 - Getting rid of/preventing logging

Discussion in 'privacy technology' started by Phion, Apr 22, 2012.

Thread Status:
Not open for further replies.
  1. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    In this vein:

    I was playing around with the various reg keys dealing with USB Devices. The permissions on those keys are insane and I gave up. Then I found this:

    https://code.google.com/p/usboblivion/

    A cursory inspection shows that it works. I need to run it on a box that has had a ton of USB devices installed on it, and then F3 my way through the registry. YMMV, a translation of the Russian forum showed one guy having problems with a USB printer after running it. My laptop showed no ill effects.

    Thanks for the info on Linux, guys.

    PD
     
  2. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
  3. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Phion, you can certainly be pretty safe with Windows, but let's be honest for those with experience around these parts...

    Look at this forum in great length and detail and you'll see MASSIVE information on people trying to accomplish just that.

    1. Windows and most of the software you use is proprietary, it has its Pros & Cons

    2. Besides your worries over logging, what about system safety, security, privacy and virus/malware problems

    3. In regards to number 2 talk about bigger fish to fry, safety, security, privacy in Windows is truly not an easy thing to come by... If the end-user doesn't almost have technical skills or a basic level like a PC Tech, then I can honestly tell you, they are not doing things right, or even close...

    In a nutshell, the Windows system is a bigger pain in the butt out the box to have better safety and security and if you really care about all this, then you should honestly start looking towards running Unix or Linux...

    Also no one says you have to toss out Windows, you can either create a dual boot system, so you can have both systems on the computer, or run like VirtualBox in Linux and run Windows in that for any needs you have....
     
  4. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Out of the box - I agree. However I do not believe that Windows 7 with an A+ setup is any less secure than a solid linux distro with A+ setup (ignoring the difference in difficulty in achieving these setups between these two OS's). Would you agree?
     
  5. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    To make Windows just as secure out the box over a Unix or Linux system, you're going to need some pretty good technical skills...

    1. Windows is typically run by most users under the Admin account, Unix & Linux systems you run it as a user.

    2. There are more virus/malware problems in Windows

    3. Windows leaks and stores data that Unix and Linux do not...

    These are 3 problems of many when compared to the differences of Unix, Linux and Windows...
     
  6. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Yeah, of course. However this is not what I meant entirely. To elaborate:

    If someone with the required technical skills takes the time to configure Windows 7 as best as he can, the system will not be any less secure than if that same person configured a Linux/Unix system as best as he can (assuming his knowledge of all these systems is on an equally high level). Out of the box - yes, linux is more secure. For someone willing to take the time and learn how to secure a Windows system - I think Windows is a more convenient OS.
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Yes, Win 7 can be made reasonably secure, but it's designed to be privacy hostile. This thread is about Win 7 hoarding metadata, usage tracks, etc. These are much harder to deal with on Win 7 than any previous version of Windows. Users shouldn't have to trade privacy for some semblance of security. Having everything you open or use, and every site you visit logged does not benefit the user. This begs the question, who does it log all this data for? It's not hard to guess.
     
  8. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I have a question regarding Windows and data collection. I have Returnil on one computer and Shadow defender on another computer. Let's say that I start my computer, enable either Returnil or Shadow Defender, open up a truecrypt folder on my desktop with my portable browsers, connect my VPN, open portable Firefox with Sandboxie, and do some browsing.

    I have eraser configured with Sandboxie. So I delete the sandbox, dismount the truecrypt container and restart my computer. I also have Microsoft Fix It to clear the pagefile at shut down.

    So after my computer restarts, what kind of personal data is left from my previous session?
     
  9. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    :thumb: I agree with you.

    To answer the OP's question, yes--you can prevent Windows from logging everything. It just takes a little bit of work and patience. Of course, I realize not everyone's cut out for it... but personally, I enjoy learning the inner workings of my operating system, so I embrace the challenge. As they say... when there's a will, there's a way. ;)

    Here's a brief outline of some things you can do to run a mostly self-cleaning instance of Windows:

    • Disable sleep, hibernation, and paging file
    • Turn off Windows Search and Indexing
    • Turn off System Restore and Remote Assistance
    • Disable Prefetch, Superfetch, and ReadyBoot
    • Turn off Event Trace logging (*.etl files)
    • Turn off Volume Shadow Copy (Windows service)
    • Disable other unwanted Windows Services and Scheduled Tasks (error reporting, Application Experience, CEIP, etc.)
    • Disable automatic registry backups (do your own backups of clean registry only)
    • Turn off recent documents history, user tracking, location awareness, etc. (using the Group Policy editor)
    • Disable setup API logging (registry tweak to prevent %windows%\inf\setupapi.*.log from being written to)
    • Disable ComDlg32 history, MRU logging, Bags, recent file/path lists, etc. (you can set certain registry keys to 'read-only')
    • Create junctions to force all TEMP directories, logs, cache, memory dumps, etc. to be written to a RAM disk instead of your physical disk. This way, all of your Windows Event logs, Recent/Jump list logs, thumbnail cache, browser/Flash/Java caches, Temp files, etc. can be completely destroyed just by hitting the 'power' button... no need for wiping utilities. :D
    As proof-of-concept, you can run forensic investigation tools (EnCase, Cofee) against yourself to see if you did a good job or not. :)

    Inevitably, you'll still have a few areas of Windows that may need to be cleaned up manually, but these are generally lower-priority items.

    PaulyDefran mentioned USB Oblivion. I haven't tried that one yet, so I can't comment on how effective it is. But I do use a similar tool called DriveCleanup. It cleans up registry artifacts (drive letters/device info) left behind by removable devices as well as physical or virtual disks--including TC volumes. Ideally, you can incorporate it into a batch file that runs automatically every time Windows shuts down.

    Another thing you can do is run NT Registry Optimizer periodically to compact and defragment the Windows registry. This is important because when the OS deletes a registry key, it's kind of like deleting files--it's not really deleted until it's overwritten by something else. NTREGOPT will take care of that problem by exporting the registry and rebuilding the hive files. Don't confuse this with one of those dubious registry "cleaner" programs. You're not actually changing or deleting anything in the registry, so it's pretty safe. :)

    Contrary to the opinion of some here on the forum, I do NOT think that the majority of Windows logging is "evil" or otherwise rooted in bad intentions. The fact is, the average non privacy-conscious user actually prefers the convenience of having Windows remember recent file locations, Typed URLs, and such. The developers designed it this way on purpose because having a good (easy) user experience appeals more to the masses than privacy. Having said that, I do think they got a bit carried away with the extensive logging of program activity, updates, system events, etc... but I suppose some program debuggers and PC repair technicians out there appreciate these extra "features" as well. Personally, I don't care for all that extra bloat... but to each his own. o_O
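
An added example, not part of CasperFace's post: a read-only PowerShell check that reports which of the artifact sources in the list above are still active on a Windows 7 machine. The registry paths and service short names are the standard Windows 7 locations and are assumptions not taken from the thread; `Get-RegValue` and `New-Finding` are hypothetical helper names.

```powershell
# Read-only audit for Windows 7 (PowerShell 2.0). Nothing is modified.
$mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function New-Finding($Item, $State, $StillActive) {
    New-Object PSObject -Property @{ Item = $Item; State = $State; StillActive = $StillActive }
}

$findings = @()

# Paging file: an empty PagingFiles list means no pagefile is configured.
$paging = @(Get-RegValue $mm 'PagingFiles' | Where-Object { $_ })
$findings += New-Finding 'Paging file' ($paging -join '; ') ($paging.Count -gt 0)

# Hibernation: 0 means hiberfil.sys is not used. A missing value counts as active.
$hib = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' 'HibernateEnabled'
$findings += New-Finding 'Hibernation' $hib ($hib -ne 0)

# Prefetch and Superfetch: 0 means disabled.
foreach ($name in 'EnablePrefetcher', 'EnableSuperfetch') {
    $value = Get-RegValue "$mm\PrefetchParameters" $name
    $findings += New-Finding $name $value ($value -ne 0)
}

# Services behind items in the list (short names assumed to be Windows 7 defaults).
$services = @{ WSearch = 'Windows Search'; VSS = 'Volume Shadow Copy'; SysMain = 'Superfetch'
               WerSvc = 'Windows Error Reporting'; AeLookupSvc = 'Application Experience' }
foreach ($name in $services.Keys) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($svc) { $mode = $svc.StartMode } else { $mode = 'not installed' }
    $findings += New-Finding "Service: $($services[$name])" $mode ($mode -notmatch 'Disabled|not installed')
}

# Setup API logs named in the post (presence only) and USB storage history in the registry.
$logs = @(Get-ChildItem "$env:windir\inf\setupapi.*.log" -ErrorAction SilentlyContinue)
$findings += New-Finding 'setupapi logs' "$($logs.Count) file(s)" ($logs.Count -gt 0)
$usb = @(Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR' -ErrorAction SilentlyContinue)
$findings += New-Finding 'USBSTOR device classes' $usb.Count ($usb.Count -gt 0)

$findings | Select-Object Item, State, StillActive | Format-Table -AutoSize
```

Run it from an elevated prompt before and after making changes; rows with `StillActive` set to `True` are items from the list that are still producing or holding artifacts.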
     
  10. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    As usual, a Wilder's topic had me guinea pig a test box and try out a bunch of 'Cleaners' :D . I have Slim Cleaner and CCleaner (you have to create a Scheduled Task, using CCleaner.exe /AUTO switch) running on a schedule, Xleaner on demand, Clean After Me on demand, and Comodo System Utilities 4.0 on demand. Comodo's scheduler doesn't seem to work and it's a little quirky when setting up the rules (you can't un-check something in the default levels, and have it remembered). If you create a custom level, it sometimes doesn't show you the underlying keys that can be deleted. It *does* warn about dangerous options in the Registry section. DO NOT try Comodo System Cleaner 3.0 without a good image backup...it BSOD'd Win 7 32 on me on every reboot attempt. 3.0 was nice because it had 'Active Clean' and a bunch of protection options for free...4.0 wants money for those. All the other ones mentioned caused no problems, even when maxing out all the options. Clean After Me offers a USB Cleaning option. Xleaner offers about 400 application cleaners, including TrueCrypt 'Last Mounted' cleaning. Xleaner can run at start up, clean, and then exit if you want. Same with CCleaner...but I hardly ever reboot this one box, so did two on a schedule and the rest on demand. All offer secure delete options. I *did not* go through the registry to verify anything. I didn't have any PC related issues other than with Comodo 3.0.

    PD
     